Pharmaceutical Regulatory and Compliance Congress and Best Practices
Pharmaceutical Regulatory and Compliance Congress and Best Practices Forum Due Diligence Monitoring and Auditing of Third Party Vendors October 28, 2008 Diana Borges Compliance Manager Teva Pharmaceuticals Brian Dahl, Esq. Director of Compliance Teva Pharmaceuticals Michele Girdharry Manager Huron Consulting Group Paul Silver Managing Director Huron Consulting Group Working with Third Parties, Vendors, and Strategic Partners
Agenda I. The Importance of Auditing & Monitoring Third-Party Vendors II. Balancing Business and Compliance Challenges When Auditing III. Criteria When Choosing a Third-Party Vendor to Audit IV. Planning The Audit V. Navigating Challenges that Arise from Audit Results VI. Capturing Compliance Requirements During the Contracting Process 1
The Importance of Auditing & Monitoring Third-Party Vendors 2
Monitoring & Auditing are Essential Parts of an Effective Compliance Program • Pharmaceutical manufacturers are responsible for auditing and monitoring as part of an effective compliance program – One of seven elements – Corporate Integrity Agreements – NV and MA require certification that a manufacturer has conducted audits a part of its compliance program • Demonstrates “proactive” vs. “reactive” action by a manufacturer • Ph. RMA Code states that companies should periodically monitor speaker programs for compliance with FDA regulatory requirements 3
Monitoring & Auditing Responsibility Extends to Third-Party Vendors • All guidance and regulations make clear that pharmaceutical manufacturers are responsible for all vendor activities that involve a healthcare professional • Some Corporate Integrity Agreements are holding companies accountable for vendor activity 4
Evaluating Operational Effectiveness and Process Efficiency • Identifying areas for improvement in the business processes • Assist in addressing future issues up front in the contracting process • Provides documentation that may be necessary when corrective action is required (e. g. termination or modification of a contract, etc) • Conduct due diligence on vendors you are looking to contract or who you may have inherited through acquisition 5
Balancing Business and Compliance Challenges when Auditing 6
Business Unit Challenges • Sense of urgency to get things done • Allocating additional time and resources while managing dayto-day operational responsibilities • Difficulties in taking steps to remedy findings N V – Entrenched vendor – Too far along in negotiations 7
Compliance Challenges • Creating compliance awareness with business units • Diverting resources when a business unit needs a vendor cleared • Choosing appropriate resources for an audit • Getting access to people / documents / systems • Addressing resistance from stakeholders and business units • Determining what courses of action to take with audit results N V 8
Criteria When Choosing a Third-Party Vendor to Audit 9
Areas of Risk Identified Internally at the Company • Interviews with key personnel to identify risks – One-on-one sessions – Casual conversations • Internal audits, QA review or Finance may discover potential vendor issues 10
Current Government Investigations and Advisory Opinions Issued by the OIG • Payments to physicians • Off label Promotion • Transparency • Consider what direction investigative and enforcement actions will take: – Advisory Opinions – Guidance provided by the FDA, DOJ and OIG – OIG Work plan 11
Planning the Audit 12
Scope • Based on potential reasons for the audit, determine the appropriate scope: – Brand / Product / Business Unit – Activity Type – Time period 13
Identifying Audit Resources • An internal audit group may have the infrastructure and relationships to efficiently manage an audit for the Company • An external resource can provide an independent perspective and will have a good understanding of regulatory and compliance issues important to pharmaceutical companies. • A Teaming Approach 14
Establishing a Workplan and Timeline • Determine the specific areas of risk to evaluate • Develop a methodology to test controls in place for each functional area or process managed by a third party vendor • Develop a timeline for the audit that balances business expectations and compliance obligations (e. g. NV, MA, etc. ) 15
Sample Audit Plan Area of Risk Audit Tests Controls that support risk area 16
Navigating Challenges That Arise from Audit Results 17
Determining Appropriate Courses of Action • Prioritizing audit findings • Determine what “buy-in” or approval will be needed • Determine what internal resources and effort are available • Responsibility for resolving issues should be assigned to the business unit – Compliance should provide guidance and oversight to the remediation plan • Numerous findings may require a more comprehensive or follow-up audit • Systemic findings may require modification or review of the vendor relationship 18
Determining who is Responsible for Resolving Risks • Identify all key stakeholders in the business process (e. g. Business unit, Compliance, Legal, etc. ) • Determine who should own the responsibility in the Business unit for: – Managing the action plan – Reviewing and monitoring the action plan – Evaluating the effectiveness of action plan 19
Potentially Terminating a Contract • How much has been invested in the relationship? • What will be the impact on the business unit? • How long will it take to choose a new vendor? • How much will it cost to replace a vendor (i. e. from identifying a new vendor, to going “live”)? 20
Capturing Compliance Requirements During the Contracting Process: Lessons Learned 21
Considerations During the Contracting Process • Teaming with Procurement to reinforce compliance • Ensure vendor can comply with company policies, SOPs and Business rules – Consider requirements when co-promote partner is involved • Establish a process for communicating process and management changes that must be approved by the Company • Require company-specific training for vendor representatives and contractors • Establish periodic auditing of program 22
Considerations During the Contracting Process • Define termination provisions • Establish scheduled reporting requirements for expenses and documentation (i. e. monthly, at the end of each program, etc. ) • Establish document retention requirements (e. g. attendee lists, copies of medical and promotional materials distributed, expense receipts, etc. ) • Require notification if vendor is under or comes under investigation 23
Questions? Diana Borges (215) 591 -8143 diana. borges@tevausa. com Brian Dahl, Esq. (816) 508 -5146 brian. dahl@tevausa. com Michele Girdharry (646) 277 -2237 mgirdharry@huronconsultinggroup. com Paul Silver (678) 672 -6160 Atlanta Office (646) 520 -0200 New York Office psilver@huronconsultinggroup. com 24
- Slides: 25